Documentation forSecurity Event Manager

SEM 2024.2 release notes

Release date: April 17, 2024

These release notes were last updated on April 24, 2024.

Here's what's new in Security Event Manager 2024.2.

Learn more

New features and improvements in SEM

Software license recycling

License recycling allows you to collect and reuse your subscription or perpetual SEM licenses from nodes that are offline and failed to send an event to the SEM Manager within a specified amount of time. You can apply license recycling to all network nodes, selected nodes, or all nodes except your selected nodes.

License recycling helps you minimize your IT software expenses by maximizing your Universal (SEM) and Workstation Edition (SWE) license pools. You can repurpose your SEM licenses to collect log data, monitor event traffic, and view historical events from only active non-agent devices and workstations in your deployment.

See Recycle SEM licenses for more information.

Publish reports using SMB file sharing

You can publish SEM reports to a file share on one external server using server message block (SMB) file sharing. This feature can help you streamline your SEM report delivery to department and management servers where authorized personnel can access their requested reports in a timely manner. You can configure SMB file sharing to one or more shares on a single Windows server.

When you run or schedule a SEM report, you can select an SMB configuration as a sharing option.

SMB uses SSH to ensure that all reports sent to an external server are secure in transit from unauthorized users.

See (Optional) Set up SMB file sharing to a Windows server in the SEM Administrator Guide for more information.

Contextual help for events and event properties

This release includes contextual help for all events included with SEM. When you click the Events drop-down menu and hover over the information icon in an event name, a pop-up window displays with a description of the event.

The following example shows the contextual help in the Events drop-down menu when you create a new rule.

If the event includes an event property, you can view the contextual help for the property.

When you create a new rule, you can mouse over the event to access the contextual help for the event.

You can access contextual help for each event in the Events drop-down menus when you:

Updated Linux Debian packages

This release includes updated Linux Debian packages on the SEM Manager appliance to further harden the application.

Updated Java Runtime Environment (JRE)

This release includes Open Java Development Kit (OpenJDK) 17.0.10 Long Term Support (LTS). This JRE version is the same version installed on the SEM Manager appliance. OpenJDK is an open source implementation of the Oracle Java platform.

Updated Apache Tomcat

This release includes Apache Tomcat 9.0.85, which provides additional enhancements to further harden the application.

Other improvements

  • Spring Web 5.3.32

Return to top

Fixes

Case number Description

00107654

00116948

00346938

00354891

 When you recycle a license, the inactive node is removed from the license pool.

00554923

 When you run the SolarWinds Installer, the installer no longer hangs during the installation procedure.

01063650

 When you run the SolarWinds, the installer no longer hangs during the upgrade procedure.

00686391

00721268

00976672

01066283

01125113

01209605

 The SEM agents now send log messages to the SEM Manager without generating an error.

01273120

 The SEM Manager can now communicate with all SEM agents in a deployment.

01292939

 The Historical Events & Reports tab now displays all historical events.

01352155

 The Configure > Directory service groups page now displays the correct connection information for each service group.

01324708

 When you create a new rule, the rule now displays correctly in the Rules screen.

01324708

 When you save a new rule, the rule is saved successfully.

01364989

 SEM no longer generates multiple alerts after upgrading to version 2023.2.

01292939

 When you create a search in the Historical Events & Reports tab, the search generates the correct events based on your search parameters.

01414779

01450379

 When you enable log forwarding, the log messages are forwarded correctly to third-party systems.

01497514

Beginning in version 2023.4, all SEM web-based regulatory and compliance reports previously located in the SEM Reports console are now located in the Historical Events and Reports tab.

See Locate migrated SEM audit reports in the SEM Administrator Guide to locate the previous report queries in the Historical Events and Reports tab.

01584460

01586140

01587735

 The SEM upgrade installer no longer generates an error message “Error: apt-get install failed” when you upgrade from a previous version to version 2024.2.

Third Party CVEs

SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.

CVE-ID Vulnerability title Description Severity
CVE-2024-23672 OpenSSH Privilege Escation Vulnerability Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open, leading to increased resource consumption.

4.0
Medium

CVE-2019-16905 OpenSSH Pre-Auth Integer Overflow Vulnerability OpenSSH 7.7 through 7.9, and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm.

7.8
High

CVE-2021-28041 OpenSSH Double Free Vulnerability ssh-agent in OpenSSH before 8.5 has a double free vulnerability that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.

7.1
High

CVE-2021-41617 OpenSSH Privilege Escation Vulnerability sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

7.0
High

CVE-2020-14145 OpenSSH Man-in-the-Middle Vulnerability

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. If exploited, this would allow man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).

NOTE: Some reports state that 8.5 and 8.6 are also affected.

5.9
Medium

CVE-2019-6111 OpenSSH Man-in-the-Middle Vulnerability

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented).

A malicious scp server (or Man-in-the-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).

5.9
Medium

CVE-2019-6110 OpenSSH Man-in-the-Middle Vulnerability In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-the-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.

6.8
Medium

CVE-2019-6109 OpenSSH Man-in-the-Middle Vulnerability

OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm.

NOTE: The XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH.

6.8
Medium

CVE-2018-20685 OpenSSH SCP client improper directory name validation In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

5.3
Medium

Based on the vulnerability scans, the used Java version was flagged as vulnerable. SolarWinds does not use Java using methods affected by the following CVEs. See SolarWinds Products and Oracle Java SE Vulnerabilities for more information.

CVE-ID Vulnerability title Description Severity
CVE-2024-20918 Broken Access Control Vulnerability

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4.

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

7.4
High

CVE-2024-20919 Broken Access Control Vulnerability

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4.

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

5.9
Medium

CVE-2024-20921 Broken Access Control Vulnerability

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4.

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

5.9
Medium

CVE-2024-20926 Broken Access Control Vulnerability

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4.

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

5.9
Medium

CVE-2024-20945 Broken Access Control Vulnerability

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4.

Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).

4.7
Medium

CVE-2024-20952  Broken Access Control Vulnerability

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4.

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

7.4
High

CVE-2024-20932 Broken Access Control Vulnerability

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4.

Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

7.4
High

Return to top

Before you upgrade!

Upgrade the SEM agents

For AIX, HPUX and Solaris, agent installers are not shipped with OpenJDK. As a prerequisite, install Java by performing the following steps:

  1. Upgrade your Java installation to the latest version (Java 11 or equivalent). See the system requirements for the supported versions.

  2. Upgrade the SEM agents using the latest custom Java installer.

    After you install and configure a SEM agent on an HP-UX server, the agent may not run as expected.

Return to top

Installation or upgrade

For new installations, you can download the installation file from the product page on https://www.solarwinds.com or from the Customer Portal. For more information, see Get the installer.

For upgrades, go to Settings > My Deployment to initiate the upgrade. The SolarWinds Installer upgrades your entire deployment (all SolarWinds Platform products and any scalability engines).

For more information, see the SolarWinds Platform Product Installation and Upgrade Guide.

You must be on SEM 2023.4 or later to upgrade to SEM 2024.2. If you are on a version earlier than SEM 2023.4, first upgrade to 2023.4 and then upgrade to 2024.2.
To prevent access by unauthorized users, SolarWinds recommends setting up your SEM appliance with no access to the Internet or any public-facing network. For additional security recommendations, see Secure your SEM deployment located in the SEM Administrator Guide.

Return to top

Known issues

There currently is no macOS agent

Workaround: Forward all syslogs from the macOS system.

Return to top

End of life

Version EoL announcement EoE effective date EoL effective date
2023.2 April 17, 2024: End-of- Life (EoL) announcement – Customers on SEM version 2023.2 should begin transitioning to the latest SEM version. November 1, 2024: End-of- Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM 2023.2 will no longer be actively supported by SolarWinds. April 17, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2023.2.
2022.4 November 1, 2023: End-of- Life (EoL) announcement – Customers on SEM version 2022.4 should begin transitioning to the latest SEM version. April 16, 2024: End-of- Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM 2022.4 will no longer be actively supported by SolarWinds.   November 1, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2022.4.
2022.2.2 November 1, 2023: End-of- Life (EoL) announcement – Customers on SEM version 2022.2.2 should begin transitioning to the latest SEM version. April 16, 2024: End-of- Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM 2022.2.2 will no longer be actively supported by SolarWinds.   November 1, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2022.2.2.
2022.2.1 November 1, 2023: End-of- Life (EoL) announcement – Customers on SEM version 2022.2.1 should begin transitioning to the latest SEM version. April 16, 2024: End-of- Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM 2022.2.1 will no longer be actively supported by SolarWinds. November 1, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2022.2.1.
2022.2 November 1, 2023: End-of- Life (EoL) announcement – Customers on SEM version 2022.2 should begin transitioning to the latest SEM version. April 16, 2024: End-of- Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM 2022.2 will no longer be actively supported by SolarWinds. November 1, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2022.2.
2021.4 November 1, 2023: End-of- Life (EoL) announcement – Customers on SEM version 2021.4 should begin transitioning to the latest SEM version. April 16, 2024: End-of- Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM 2021.4 will no longer be actively supported by SolarWinds. November 1, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2021.4.
2021.2.1 November 1, 2023: End-of- Life (EoL) announcement – Customers on SEM version 2021.2.1 should begin transitioning to the latest SEM version. April 16, 2024: End-of- Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM 2021.2.1 will no longer be actively supported by SolarWinds. November 1, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2021.2.1.
2021.2 November 1, 2023: End-of- Life (EoL) announcement – Customers on SEM version 2021.2 should begin transitioning to the latest SEM version. April 16, 2024: End-of- Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM 2021.2 will no longer be actively supported by SolarWinds. November 1, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2021.2.

See the End of Life Policy for information about SolarWinds product life cycle phases. To see EoL dates for earlier SEM versions, see SEM release history.

Return to top

End of support

This version of Security Event Manager no longer supports the following platforms and features.

Type Details
Reports application

The SEM Reports application is no longer supported. To create your regulatory and compliance reports, use the integrated reports functionality included in this release.

See Create regulatory and compliance reports in the SEM Administrator Guide for details about creating SEM reports.

Return to top

Legal notices

© 2024 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.